skip navigation

More signal. Less noise.

Looking for an introduction to AI for security professionals?

Your wait is over. A new book is out from the Cylance data science team, covering artificial intelligence and machine learning techniques in practical situations to improve the security professional’s ability to thrive in a data driven world. Whether you are reviewing logs or analyzing malware, being able to derive meaningful results and improve productivity is key. Order your free copy today.

Daily briefing.

ISIS, effectively ejected from territory it once controlled, appears to be entering its long-anticipated diaspora phase, which informed observers expect to be marked by more focus on cyberspace. For the foreseeable future, this is held by most to mean increased attempts at online inspiration.

Criminals continue their attempts on cryptocurrencies. SentinelOne announces discovery of a new cryptocurrency mining Trojan, "OSX.CpuMeaner," that targets Macs.

Google's latest sweep through Google Play turns up several apps equipped with the Tizi backdoor. Tizi has typically been used to install spyware on target devices.

There are other concerns about Android security and, especially, privacy. A study by Yale University concludes that about three-quarters of Android apps come with third-party tools that track users' activity.

Forcepoint warns of a massive spam campaign that's distributing Scarab ransomware. Ransomware is enjoying a burgeoning demand in the black-market souks. Carbon Black has reported a 2500% rise in ransomware sales since last year. Ransomware is also growing more targeted, more difficult to detect.

No one seems to be buying the whistling in the dark Uber did before its recent shake-up and breach disclosure. It strikes most observers as unlikely in the extreme that the criminals who hacked the ride service actually destroyed the data they stole.

The US has indicted three Chinese nationals for theft of intellectual property. They work or worked for the Guangzhou Bo Yu Information Technology Company; the US thinks the firm is an espionage operation. 

Thoma Bravo is taking Barracuda Networks private. Trend Micro acquires Immunio.


Today's issue includes events affecting Australia, Canada, China, European Union, France, Germany, Iran, Iraq, NATO/OTAN, Pakistan, Russia, Syria, United Kingdom, United States.

Your cyber security posture is right of boom.

Whether you're focused on IT or national security, exploits and data loss incidents put your mission at risk. Your current tools assess and analyze content after it's breached your network - they all work right of boom. It's only a matter of time until boom happens to you. Don't let it.

In today's Podcast, we hear from our partners at Terbium Labs, as Dark Web expert Emily Wilson talks about the privacy of children online. Our guest, Bryan Ware from Haystax, discusses the analysis of incoming data streams.

Cyber Security Summit: Los Angeles (Los Angeles, California, USA, November 29, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security on November 29 in Los Angeles. Register with promo code cyberwire50 for half off your admission (Regular price $350).

Earn a master’s degree in cybersecurity from SANS (Online, December 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, December 21st, at 12:00pm noon ET. For complete information on master’s degree and graduate certificate programs, visit

Cyber Attacks, Threats, and Vulnerabilities

The Caliphate Is Destroyed, But the Islamic State Lives On (Foreign Policy) Why the United States can’t be complacent about undermining the remnants of the terrorist group.

The jihadist plan to use women to launch the next incarnation of ISIS (Washington Post) Wives and mothers of the fighters are starting to come home, but not all have left the caliphate behind.

They're calling it "love Jihad"—ISIS supporters in India are marrying Hindu women to spread extremism, reports say (Newsweek) Critics say the claim is a conspiracy theory concocted by Hindu hardliners.

Is the Philippines the Next Caliphate? (Foreign Policy) ISIS is looking to regroup, and is setting its sights eastward.

OSX.CpuMeaner: New Cryptocurrency Mining Trojan Targets macOS (SentinelOne) OSX.CpuMeaner: New Cryptocurrency Mining Trojan Targets macOS - SentinelOne

Tizi backdoor rooted Android devices by exploiting old vulnerabilities (Help Net Security) Google has discovered and removed from Google Play a number of apps that contained the Tizi backdoor, which installs spyware to steal sensitive data.

Three quarters of Android apps track users with third party tools – study (the Guardian) Yale University’s Privacy Lab using research to call on developers and Google ‘for increased transparency into privacy and security practice’

Ransomware Attack Involving Scarab Malware Sends Over 12M Emails in 6 Hours (HackRead) Security researchers at the Austin based Anti-virus software firm Forcepoint have discovered a massive spam ransomware campaign in which the Scarab malware

Warning issued for ransomware outbreak (IT World Canada) Infosec leaders should be warning employees of opening email with the headers

Cybercrime selling like hotcakes: Ransomware sales soar 2500% in one year (Security Brief) ​The way criminals ply their trade has changed dramatically since the rise of the digital era, and not for the better – at least for the victims.

Tailored, Targeted Ransomware Evolves (Infosecurity Magazine) A focused targeting of extensions can allow many ransomware samples to hide under the radar of many defenders.

Evolution of ransomware makes it hard to defend against, warns National Crime Agency (Computing) New strains of ransomware are both more subtle and more virulent, explains head of technology Paul Edmunds

Punycode: Undetectable, but not Unbeatable (Infosecurity Magazine) While Punycode attacks can be beaten, there’s only so much that businesses can do to protect individuals and organizations.

How does the Stack Clash vulnerability target Unix-based OSes? (SearchSecurity) Stack Clash, an older privilege escalation vulnerability in Unix-based OSes, puts enterprises at risk. Here's how to defend against potential exploits.

Chicago: Uber’s claim that hackers fully deleted stolen data is “nonsensical” (Ars Technica) Uber's been sued at least 11 times in just 1 week, faces new scrutiny from Senate.

Data Breaches Within the Retail and Hospitality Industries (BitSight) In this blog, BitSight researchers examine data breach trends within the Retail and Hospitality industries.

10 tips to optimize security during the holidays (Help Net Security) Optiv Security shared its annual list of tips to help organizations get the most from their security programs during the busy holiday season.

Expensify sent images with personal data to Mechanical Turkers, calls it a feature (Ars Technica) Expensify announces "private" transcription on Mechanical Turk as "Turkers" report seeing sensitive data.

Hackers can Exploit Load Planning Software to Capsize Balance of Large Vessels (HackRead) Ships can be hacked and the reason is its vulnerable messaging system. It is a fact that ship loading and container stowage plans are created without using

IBM Discovers Cybercrime Ring Targeting Canadian Businesses (PYMNTS) IBM X-Force, the cybersecurity intelligence and research unit of IBM, has reportedly discovered a cybercriminal ring operating out of Ukraine targeting Canadian businesses.

Canadian Business Banking Customers Hit With Targeted Phishing, Account Takeover Attacks (Security Intelligence) A targeted phishing campaign aimed at Canadian businesses prompts users with high levels of access to divulge login credentials and authentication codes.

Thousands of FTSE 100 Corporate Log-Ins Found on Dark Web (Infosecurity Magazine) Thousands of FTSE 100 Corporate Log-Ins Found on Dark Web. Anomali spots over 16,000 emails and plain text passwords for sale

Federal student aid site offers one-stop shopping for ID thieves (Ars Technica) If you have someone’s name, birthdate, and SSN, FAFSA site will give up sensitive data.

Federal Websites Still Lack Basic Security (Infosecurity Magazine) Only 71% of all the reviewed websites passed the SSL test.

DoS (Denial of Service) Attack Tutorial: Ping of Death, DDOS (guru99) DOS is an attack used to deny legitimate users access to a resource such as accessing a website, network, emails, etc. or making it extremely slow.

The 10 Wildest Ways Hackers Steal Data ( Our infographic reveals the unexpected ways that hackers steal data. It's not just your laptop and smartphone, even your morning cup of coffee isn't safe.

What Amazon Echo and Google Home Do With Your Voice Data (WIRED) Like the idea of Amazon Echo and Google Home, but feel uneasy about all that recording? Here's what they listen to—and how to delete it.

Security firm Bkav: Face ID not secure enough for business transactions (Phone Arena) You might recall that earlier this month, we told you that Vietnamese security firm Bkav had invented a mask that apparently defeated the Apple iPhone X's Face ID. The company has reached out to us this morning to tell us that it has invented a new mask that will allow twins to defeat Apple's facial recognition system. And with that, comes a warning.

iPhone X Face ID fooled again by 'evil twin' mask (Register) Apple's facial-recog tech 'not secure enough for business' claim researchers

Hackers can easily tap into an office phone and listen to everything you're saying — here's how (Business Insider) Cybersecurity expert Ang Cui explains the exploit, how someone might use it to spy on you, and what you can do to protect yourself.

How one man could have deleted any image on Facebook (Naked Security) Pouya Darabi found how to embed other people’s images in a Facebook poll so that deleting *his* poll also deleted *their* files.

Security Patches, Mitigations, and Software Updates

PowerDNS patches five security holes in widely used nameserver software (Help Net Security) PowerDNS has pushed out security updates and patches for its PowerDNS Authoritative Server and Recursor nameserver software.

Google Detects Android Spyware That Spies On WhatsApp, Skype Calls (The Hacker News) Google has discovered a fully featured backdoor that that installs an auto-tooting Tizi Android spyware app on targeted devices.

Google Finance gets redesigned, finally dumps Adobe Flash (Ars Technica) Google Finance now lives as a tab in Search, and some features are going away...

Cyber Trends

The Looming War of Good AI vs. Bad AI (Dark Reading) The rise of artificial intelligence, machine learning, hivenets, and next-generation morphic malware is leading to an arms race that enterprises must prepare for now.

Q3 2017 Akamai State Of The Internet / Security Report Reveals Significant Increase In Web Application Security Attacks, Evolution Of Attacker Strategies (Akamai) Holiday shopping season may see new attack types leveraging IoT devices, mobile platforms

Majority of consumers would stop doing business with companies following a data breach, finds Gemalto (CSO) A majority (70%) of consumers would stop doing business with a company if it experienced a data breach, according to a survey of more than 10,000 consumers worldwide conducted on behalf of Gemalto, the world leader in digital security.

What Developers Need to Know about the State of Software Security Today (Veracode) Developers are constantly thrown under the bus when it comes to appsec woes, but it's time to put the “lazy developer trope” to bed. Devs do care about security- Veracode recently found that developers rarely try to rig the system by rejecting findings as false positives or as mitigated by design. In the last year, devs documented mitigations for just 14.4% of all the flaws found by Veracode’s platform.

Why the Cyber-Criminals are Winning the Fight of Good vs. Evil (Infosecurity Magazine) There’s an entirely new way of being a criminal, and most people don’t even realize it.

Soaring Cost of Cyber Attacks Raises Concerns for Boston Healthcare Industry (BostInno) According to a new report from the Ponemon Institute, the cost and frequency of cyber attacks is on the rise — and one industry, in particular, is getting hit especially hard. Healthcare institutions are expected to lose $1.3 billion to cyber attacks in 2017 alone, and with some of the top hospitals in the country located here in Boston, that brings the threat and potential economic impact of cyber attacks even closer to home.

London and Berlin are Most Exposed Cities in Europe (Infosecurity Magazine) London and Berlin are Most Exposed Cities in Europe. Trend Micro research finds millions of connected devices can be remotely attacked

The Quantum Spy Author David Ignatius on the Future of High-Tech Espionage (WIRED) In his latest novel, David Ignatius tackles the intersection of quantum computing and spying


Security business Barracuda Networks acquired for $1.6 billion (TechCrunch) Private equity giant Thoma Bravo has agreed today to buy Barracuda Networks in a take-private deal that's valued at $1.6 billion. The company was offered..

Barracuda reeled in by Thoma Bravo (CRN) UK's sole Premier partner anticipates a faster Barracuda under private equity ownership,Finance and M&A ,Barracuda,Thoma Bravo,Altinet

Trend Micro Buys Immunio (Dark Reading) The acquisition is aimed at balancing the speed of DevOps with application security.

Akamai Completes Acquisition of Nominum (Multichannel News) Akamai Technologies, Inc. (NASDAQ: AKAM) today announced the company has completed its acquisition of Nominum, a provider of DNS-based security solutions supporting many of the world’s leading carriers.

SoftBank makes offer for Uber shares at 30% discount (TechCrunch) A SoftBank Group-led team of investors has made an offer to buy Uber's shares in a tender offer that would value the company at about a 30% discount to Uber's..

A $35 million expansion to the Cyber Innovation and Training Center (WJBF-TV) The second facility should be finished in December of 2018.

Cybersecurity Professional Recruitment Chaos (CSO Online) Because of the global cybersecurity skills shortage, nearly half of all cybersecurity professionals are solicited to consider other jobs at least once per week

Meg Whitman’s legacy? Restoring Hewlett-Packard's relevancy (Silicon Valley Business Journal) After six years helming Hewlett Packard businesses, Meg Whitman’s legacy will be known for the resurrection of a veteran Silicon Valley company that long struggled to regain its luster.

Booz Allen's defense and intelligence chief to retire, setting up leadership change across three divisions (Washington Business Journal) McLean-based Booz Allen Hamilton (NYSE: BAH) will undergo a major leadership change come mid-2018, as the longtime head of its defense and intelligence businesses retires.

John McAfee Joins Advisory Board of Hacken (Business Insider) Hacken, the first custom-tailored decentralized token for cybersecurity professionals, announces John McAfee, a legend in the IT and cybersecurity fields, joining as an advisor to the Hacken Ecosystem, where he joins advisor Krowd Mentor and partner TaaS Fund.

New CSO, CISO appointments (CSO Online) Find up-to-date news of CSO, CISO and other senior security executive appointments.

Products, Services, and Solutions

The Risk of Overconfidence in the Cybersecurity Perimeter (Bricata) A 2017 survey of IT leaders suggests the vast majority of businesses are overconfident in their perimeter defenses. More than 90% said, “businesses feel that perimeter security is keeping them safe.”

CrowdStrike Falcon is Now Available on AWS Marketplace (BusinessWire) CrowdStrike Inc., a leader in cloud-delivered endpoint protection, today announced the availability of the CrowdStrike Falcon platform on Am

Prey Software Expands Mobile Device Management Capabilities for Apple iOS Users (GlobeNewswire News Room) Apple Push Certification establishes trusted connection for advanced anti-theft security such as data lock/wipe and mass actions

GuardiCore Advances Centra Platform To Simplify Micro-Segmentation (PRNewswire) GuardiCore, a leader in cloud and data center...

ERPScan releases AI-driven SAP cybersecurity platform (Inside SAP) A new platform from cybersecurity research firm ERPScan uses machine and deep learning to cover all aspects of SAP security – predictive, preventive, detective and responsive capabilities – in a single solution.

Technologies, Techniques, and Standards

Massively Popular, Session Replay Scripts are a GDPR Liability (RiskIQ) Querying our own data, RiskIQ uncovered that the domains of 38 of the top 50 U.S. online retailers contain session replay scripts.

GDPR is not an IT project, warns expert panel (Computing) Erik Vynckier, board member of Firesters Friendly Society and Paul Edmunds, head of technology at the National Crime Agency explains how they're preparing for the upcoming GDPR

Alliance for Cyber Risk Governance Conference Establishes Community to Develop New Framework (GlobeNewswire News Room) Inaugural conference highlights the gaps in risk measurement and reporting reaffirming need for a more pragmatic framework

IoT Regulation: One Rule to Bind Them All vs Mission Impossible (Infosecurity Magazine) Two experts explore whether the IoT could (and should) be regulated

Could an air conditioner take down a military base? The Pentagon is worried (Fifth Domain) he Pentagon is looking to take steps against the possibility that a cyberattack could take down the crucial infrastructure at its bases, both domestically and overseas, per a top department official.

Advancing ICS Cybersecurity for Low-Impact Electricity Carriers (Nozomi) Cybersecurity threats to the power grid are a continuous danger nowadays, and because of this, regulation in North America may expand from covering bulk electricity carriers to low-impact carriers.

The best defense is a good offense: The case for new data security platforms (SiliconANGLE) Damaging news reports of data breaches at familiar companies like Uber Technologies Inc. and Equifax Inc. are scaring enterprises straight.

Get serious about patch validation and deployment -- fast (SearchITOperations) Patch validation keeps IT infrastructure stable and secure. Develop a security patching process to protect data, with dedicated staff or as-a-service tools.

The Motherboard Guide to Avoiding State Surveillance (Motherboard) A straightforward guide to privacy, messaging, and keeping yourself safe from passive and active surveillance.

Design and Innovation

Is the US behind in cyber-enabled info operations? (C4ISRNET) How information-related capabilities – especially through the cyber domain – manifest themselves from a joint command construct, is murky.

Facebook tool will reveal if you were fooled by Russian propaganda (Naked Security) Facebook says that Russia-backed posts reached 126 million Americans during the 2016 US election.

To Handle Its Influx of Drone Footage, Military Should Teach AI to Watch TV (WIRED) Opinion: The Pentagon collects so much surveillance footage that humans can’t watch all of it. It’s time to deploy AI.

The Federal Cyber AI IQ Test (MeriTalk) With the advent of cloud, IoT, and other next-gen technologies, the Federal government’s digital footprint is growing at an exponential rate.

AI is Here, Is Your Company Ready? (Hint: No) (New York Law Journal) The scale and scope of artificial intelligence is well-described. Merrill Lynch predicts an “annual creative disruption impact” of $14 to $33 trillion…

Penthouse adopts Blockchain as Traffic Becomes Adult Industry’s Top Revenue Source (ChipIn) Penthouse and Exxxtasy join forces to launch Vice Token that enables content monetization and payments...

Research and Development

Researchers Demonstrate 'Un-Hackable' Quantum Encryption (Infosecurity Magazine) It’s capable of creating and distributing encryption codes five to 10 times faster than existing methods and on par with current internet speeds.

Legislation, Policy, and Regulation

Opinion: Pakistan's ignominious surrender to Islamists (Deutsche Welle) November 27 will be remembered as a "black day" in Pakistan – a day when religious hardliners forced the entire state to surrender over a blasphemy row. And the military sided with Islamists, writes DW's Shamil Shams.

Allies and EU countries developing cyber offenses, but against whom to apply them? (Jane's 360) While a number of NATO and EU countries are developing their cyber offensive capabilities, these will do little good if the provenance of cyber attacks against them cannot be precisely attributed.

The end of net neutrality draws near (Naked Security) Will it mean a newly vibrant and competitive internet or an internet for the rich?

The End of Net Neutrality Means ISPs Could Crack Down on Cryptocurrencies (Motherboard) Experts worry that net neutrality repeals could affect everyone's favorite magic internet money.

Many agencies leery of continuous evaluation, as DoD plans to go all in ( Many civilian agencies say they need more guidance and information from ODNI about key components of the continuous evaluation program.

“Fixes” to FISA Could Severely Harm FBI National Security Investigations (Slate Magazine) There is a national security imperative for the FBI to review quickly and efficiently data that the government has lawfully collected.

Senators introduce revenge p[0]rn bill (TechCrunch) Senators Kamala D. Harris (D-CA), Richard Burr (R-NC) and Amy Klobuchar (D-MN), as well as Rep. Jackie Speier introduced a bill today to address revenge p[0]rn...

Litigation, Investigation, and Law Enforcement

Iran targeting international IP for theft and extortion (CSO Online) Various Iranian hacker groups are successfully stealing or illegally procuring IP using all the tools in the toolbox to achieve their results.

US charges 3 Chinese nationals with hacking (CNN) The Justice Department on Monday unsealed an indictment against three Chinese nationals in connection with cyberhacks and the alleged theft of intellectual property of three companies, according to US officials briefed on the investigation.

Security firm was front for advanced Chinese hacking operation, Feds say (Ars Technica) The accused hacked 3 multinational corporations in pursuit of intellectual property.

Flynn's lawyer meets members of special counsel's team, raising specter of plea deal (ABC News) The lawyer for President Donald Trump’s former national security adviser Michael Flynn met Monday morning with members of special counsel Robert Mueller’s team.

FBI deviated from its policy on alerting hacking victims (WTOP) WASHINGTON (AP) — The FBI deviated from its own policy on notifying victims of computer hacking when it left many U.S. officials and other Americans in the dark about Kremlin-aligned attempts to break into their…

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

INFILTRATE (Miami Beach, Florida, USA, April 26 - 27, 2018) INFILTRATE is a "pure offense" security conference aimed at the experienced to advanced practitioner. With the late-90s hacker con as its inspiration, the event has limited attendance in order to foster...

Upcoming Events

CyberCon 2017: Beyond Cybersecurity (Pentagon City, Virginia, USA, November 28, 2017) The cyber front is about more than just security. Defending in cyberspace takes a holistic approach, encompassing technology, policy and people. That’s why we’re bringing together military, intelligence...

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) Organized by Dark Reading, the web’s most trusted online community for the exchange of information about cybersecurity issues. INsecurity focuses on the everyday practices of the IT security department,...

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) INsecurity is for the defenders of enterprise security—those defending corporate networks—and offers real-world case studies, peer sharing and practical, actionable content for IT professionals grappling...

Cyber Security, Oil, Gas & Power 2017 (London, England, UK, November 29 - 30, 2017) ACI’s Cyber Security - Oil, Gas, Power Conference will bring together key stakeholders from energy majors and technology industries, to discuss the challenges and opportunities found in the current systems.

Cyber Security Summit Los Angeles (Los Angeles, California, USA, November 30, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Los Angeles. Receive...

cyberSecure (New York, New York, USA, December 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. It brings together corporate leaders from multiple function areas...

cyberSecure (New York, New York, USA, December 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. Unlike other cybersecurity events, cyberSecure brings together corporate...

National Insider Threat Special Interest Group Meeting (Virginia Chapter) (Herndon, Virginia, USA, December 5, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce it has established a Virginia Chapter. NITSIG Members and others may attend meetings at no charge. Attendees will receive...

Hackers Challenge (New York, New York, USA, December 6, 2017) Welcome to the Hackers Challenge - a must-attend event for IT security professionals across all industries. Radware and Cisco invite experienced hackers to attack the cyber-defense of a website within...

Cyber Security Indonesia 2017: Shaping National Capacity for Cyber Security (Jakarta, Indonesia, December 6 - 7, 2017) Cyber Security Indonesia 2017 exhibition and conference, brought to you by the organisers of the Indonesia Infrastructure Week, will bring cyber security solutions providers together with key government...

Third International Conference on Information Security and Digital Forensics (ISDF 2017) (Thessaloniki, Greece, December 8 - 10, 2017) A 3 day event, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures.

International Conference on Cyber Security: Forging Global Alliances for Cyber Resilience (New York, New York, USA, January 8 - 11, 2018) The Federal Bureau of Investigation and Fordham University will host the Seventh International Conference on Cyber Security (ICCS 2018) on January 8-11, 2018, in New York City. ICCS is held every eighteen...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.